Get IAM policies
Stay organized with collections
Save and categorize content based on your preferences.
Demonstrates how to retrieve IAM policies for a source
Code sample
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License
, and code samples are licensed under the Apache 2.0 License
. For details, see the Google Developers Site Policies
. Java is a registered trademark of Oracle and/or its affiliates.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],[],[],[],null,["Demonstrates how to retrieve IAM policies for a source\n\nCode sample \n\nGo\n\n\nTo authenticate to Security Command Center, set up Application Default Credentials.\nFor more information, see\n\n[Set up authentication for a local development environment](/docs/authentication/set-up-adc-local-dev-environment).\n\n import (\n \t\"context\"\n \t\"fmt\"\n \t\"io\"\n\n \tiam \"cloud.google.com/go/iam/apiv1/iampb\"\n \tsecuritycenter \"cloud.google.com/go/securitycenter/apiv1\"\n )\n\n // getSourceIamPolicy prints the policy for sourceName to w and return it.\n // sourceName is the full resource name of the source with the policy of interest.\n func getSourceIamPolicy(w io.Writer, sourceName string) error {\n \t// sourceName := \"organizations/111122222444/sources/1234\"\n \t// Instantiate a context and a security service client to make API calls.\n \tctx := context.Background()\n \tclient, err := securitycenter.https://cloud.google.com/go/docs/reference/cloud.google.com/go/securitycenter/latest/apiv1.html#cloud_google_com_go_securitycenter_apiv1_Client_NewClient(ctx)\n \tif err != nil {\n \t\treturn fmt.Errorf(\"securitycenter.NewClient: %w\", err)\n \t}\n \tdefer client.https://cloud.google.com/go/docs/reference/cloud.google.com/go/securitycenter/latest/apiv1.html#cloud_google_com_go_securitycenter_apiv1_Client_Close() // Closing the client safely cleans up background resources.\n\n \treq := &iam.https://cloud.google.com/go/docs/reference/cloud.google.com/go/iam/latest/apiv1/iampb.html#cloud_google_com_go_iam_apiv1_iampb_GetIamPolicyRequest{\n \t\tResource: sourceName,\n \t}\n\n \tpolicy, err := client.GetIamPolicy(ctx, req)\n \tif err != nil {\n \t\treturn fmt.Errorf(\"GetIamPolicy(%s): %w\", sourceName, err)\n \t}\n\n \tfmt.Fprintf(w, \"Policy: %v\", policy)\n \treturn nil\n }\n\nJava\n\n\nTo authenticate to Security Command Center, set up Application Default Credentials.\nFor more information, see\n\n[Set up authentication for a local development environment](/docs/authentication/set-up-adc-local-dev-environment).\n\n static Policy getIamPolicySource(SourceName sourceName) {\n try (SecurityCenterClient client = SecurityCenterClient.create()) {\n // Start setting up a request to get IAM policy for a source.\n // SourceName sourceName = SourceName.of(/*organization=*/\"123234324\",/*source=*/\n // \"423432321\");\n GetIamPolicyRequest request =\n GetIamPolicyRequest.newBuilder().setResource(sourceName.toString()).build();\n\n // Call the API.\n Policy response = client.getIamPolicy(request);\n\n System.out.println(\"Policy: \" + response);\n return response;\n } catch (IOException e) {\n throw new RuntimeException(\"Couldn't create client.\", e);\n }\n }\n\nNode.js\n\n\nTo authenticate to Security Command Center, set up Application Default Credentials.\nFor more information, see\n\n[Set up authentication for a local development environment](/docs/authentication/set-up-adc-local-dev-environment).\n\n // Imports the Google Cloud client library.\n const {SecurityCenterClient} = require('https://cloud.google.com/nodejs/docs/reference/security-center/latest/overview.html');\n\n // Creates a new client.\n const client = new https://cloud.google.com/nodejs/docs/reference/security-center/latest/overview.html();\n\n async function getSourceIamPolicy() {\n // sourceName is the full resource name to retrieve the policy for.\n /*\n * TODO(developer): Uncomment the following lines\n */\n // const sourceName = \"organizations/111122222444/sources/1234\";\n\n const [existingPolicy] = await client.getIamPolicy({\n resource: sourceName,\n });\n\n console.log('Current policy: %j', existingPolicy);\n }\n getSourceIamPolicy();\n\nPython\n\n\nTo authenticate to Security Command Center, set up Application Default Credentials.\nFor more information, see\n\n[Set up authentication for a local development environment](/docs/authentication/set-up-adc-local-dev-environment).\n\n from google.cloud import securitycenter_v1\n\n client = securitycenter_v1.SecurityCenterClient()\n\n # 'source_name' is the resource path for a source that has been\n # created previously (you can use list_sources to find a specific one).\n # Its format is:\n # source_name = \"organizations/{organization_id}/sources/{source_id}\"\n # e.g.:\n # source_name = \"organizations/111122222444/sources/1234\"\n # Get the old policy so we can do an incremental update.\n policy = client.https://cloud.google.com/python/docs/reference/securitycenter/latest/google.cloud.securitycenter_v1.services.security_center.SecurityCenterClient.html#google_cloud_securitycenter_v1_services_security_center_SecurityCenterClient_get_iam_policy(request={\"resource\": source_name})\n print(f\"Policy: {policy}\")\n\nWhat's next\n\n\nTo search and filter code samples for other Google Cloud products, see the\n[Google Cloud sample browser](/docs/samples?product=securitycenter)."]]
